Senior Cloud Security Engineer (L2)

The Sr. Cloud Security Engineer plays a key role in securing the organization’s multi-cloud environment by enhancing visibility, compliance, and threat detection through Cloud Security Posture Management (CSPM) and workload protection tools. This role supports the onboarding and optimization of CSPM solutions, helping to identify and remediate security risks while ensuring alignment with best practices.

Working closely with the Global Information and Cyber Security Defense (ICSD) team, the engineer will manage and maintain cloud security platforms, triage and fine-tune alerts, and support incident response efforts. The ideal candidate combines strong analytical skills with hands-on cloud experience to enable secure and scalable cloud adoption across the organization.

In addition, the individual will contribute to the broader Security Engineering team, supporting the development and maintenance of the organization’s security infrastructure. The ideal candidate combines a deep understanding of cybersecurity operations with a strong background in Cloud Security to build scalable, resilient, and secure systems.

Note that visa employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.

The Role:

• Serve as the subject matter expert for WTW's CSPM and CWPP tools, managing daily operations, integrations, and ongoing optimization.
• Administer, maintain, fine-tune, and automate threat and vulnerability management in the cloud using the CSPM solution
• Continuously refining detection rules and operational alerts within WTW’s broader cloud security platforms to improve signal-to-noise ratio and enhance incident response effectiveness
• Implement and manage Cloud Security Tools.
• Leverage CSPM insights to identify emerging threats and misconfigurations in cloud environments (AWS, Azure, GCP).
• Work with internal Security, DevOps, and Engineering teams to ensure compliance and remediation of cloud security findings.
• Conduct cloud security risk assessments and drive remediation based on findings.
• Develop dashboards and reports using Cloud tools to measure cloud security posture, effectiveness, and trends.
• Maintain and enhance security monitoring, logging, and incident response capabilities for cloud environments (AWS, Azure, GCP)
• Support the administration and management of security tools within the Security Engineering team.
• Create technical documentation and deliver enablement sessions to enhance security awareness and practices within engineering teams.

The Requirements:

• 5+ years of experience in Information Security, Cloud Security, or Security Engineering.
• Strong understanding of Azure configuration for securing resources and knowledge of compliance standards such as CIS, NIST, and ISO.
• Proficiency in CSPM tools such as Microsoft Defender for Cloud, Wiz, Orca, Check Point Cloud Guard, or similar.
• Strong understanding of cloud security frameworks and standards (CIS, NIST, CSA, MITRE ATT&CK).
• Experience with cloud-native security controls, including IAM, KMS, VPC security, encryption, logging, and monitoring.
• Experience with SIEM/analytics tools (e.g., Microsoft Sentinel, Splunk), particularly in the context of policy configuration, fine-tuning, and SOAR platforms.
• Functional knowledge of PowerShell, Azure Automation, Kusto Query Language (KQL), and terraform.
• Deep understanding of CI/CD pipelines and integrating security into DevOps workflows.
• Proven ability to deploy, configure, and maintain CSPM and CWPP tools in production environments.

Other Knowledge, Skills and Abilities

• Strong communication and collaboration skills, with proven experience working in cross-functional global teams.
• Strong problem-solving and critical thinking skills for addressing security issues and finding effective solutions.
• Outstanding written and verbal communication skills.
• Ability to work both independently and collaboratively in a fast-paced environment.
• Strong communication skills, with the ability to explain security concepts to non-technical stakeholders.

Certifications (Preferred):

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• CompTIA Security+ / CySA+ / CASP+
• Any other relevant cloud security certifications

Compensation and Benefits

Base salary range and benefits information for this position are being included in accordance with requirements of various state/local pay transparency legislation. Please note that base salaries may vary for different individuals in the same role based on several factors, including but not limited to location of the role, individual competencies, education/professional certifications, qualifications/experience, performance in the role and potential for revenue generation.

Compensation

The base salary compensation range being offered for this role is $100,000-$110,000 USD per year.

This role is also eligible for an annual short-term incentive bonus.

Company Benefits

WTW provides a competitive benefit package which includes the following (eligibility requirements apply):

• Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Group Accident, Group Critical Illness, Life Insurance, AD&D, Group Legal, Identify Theft Protection, Wellbeing Program and Work/Life Resources (including Employee Assistance Program)
• Leave Benefits: Paid Holidays, Annual Paid Time Off (includes paid state/local paid leave where required), Short-Term Disability, Long-Term Disability, Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave), Paid Time Off
• Retirement Benefits: Contributory Pension Plan and Savings Plan (401k). All Level 38 and more senior roles may also be eligible for non-qualified Deferred Compensation and Deferred Savings Plans.

Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles County Fair Chance Ordinance for Employers, we will consider for employment qualified applicants with arrest and conviction records.

This position will remain posted for a minimum of three business days from the date posted or until sufficient/appropriate candidate slate has been identified.

EOE, including disability/vets